The insecure dependency is being triggered by the new 4.2 audit_log stuff. Need to trick_taint the values once validated, and disable auditing on the push messaging objects.
Committing to: bzr+ssh://email@example.com/bmo/4.2/
modified contrib/sanitizeme.pl
modified extensions/Push/lib/Admin.pm
modified extensions/Push/lib/BacklogMessage.pm
modified extensions/Push/lib/Backoff.pm
modified extensions/Push/lib/LogEntry.pm
modified extensions/Push/lib/Message.pm
Committed revision 8677.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED